C++: new query for futile arguments to C functions

2026-04-30 19:26:02 +02:00 · 2019-01-17 10:45:10 -08:00
parent 6af8948a3f
commit 64ed9305d3
7 changed files with 83 additions and 0 deletions
--- a/Typos/FutileParams.c
+++ b/Typos/FutileParams.c
@@ -0,0 +1,11 @@
+void no_argument();
+
+void one_argument(int x);
+
+void calls() {
+	no_argument(1) // BAD: `no_argument` will accept and ignore the argument
+	
+	one_argument(1); // GOOD: `one_argument` will accept and use the argument
+	
+	no_argument(); // GOOD: `no_argument` has not been passed an argument
+}
--- a/Typos/FutileParams.qhelp
+++ b/Typos/FutileParams.qhelp
@@ -0,0 +1,24 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+
+<overview>
+<p>A function is called with arguments despite having an empty parameter list. This may indicate
+that the incorrect function is being called, or that the author misunderstood the function.</p>
+
+</overview>
+<recommendation>
+<p>Call the function without arguments, or call a different function that expects the arguments
+being passed.</p>
+
+</recommendation>
+<example><sample src="FutileParams.c" />
+
+</example>
+
+<references>
+<li>SEI CERT C++ Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/c/DCL20-C.+Explicitly+specify+void+when+a+function+accepts+no+arguments"> DCL20-C. Explicitly specify void when a function accepts no arguments </a></li>
+</references>
+</qhelp>
--- a/Typos/FutileParams.ql
+++ b/Typos/FutileParams.ql
@@ -0,0 +1,18 @@
+/**
+ * @name Non-empty call to function declared without parameters
+ * @description A call to a function declared without parameters has arguments, which may indicate
+ *              that the code does not follow the author's intent.
+ * @kind problem
+ * @problem.severity warning
+ */
+
+import cpp
+
+from Function f, FunctionCall fc
+where fc.getTarget() = f
+  and f.getNumberOfParameters() = 0
+  and not f.isVarargs()
+  and fc.getNumberOfArguments() != 0
+  and not f instanceof BuiltInFunction
+  and exists(FunctionDeclarationEntry fde | fde = f.getADeclarationEntry() | not fde.isImplicit())
+select fc, "This call has arguments, but $@ is not declared with any parameters.", f, f.toString()
--- a/Typos/FutileParams/FutileParams.expected
+++ b/Typos/FutileParams/FutileParams.expected
@@ -0,0 +1,3 @@
+| test.c:7:3:7:5 | call to foo | This call has arguments, but $@ is not declared with any parameters. | test.c:1:6:1:8 | foo | foo |
+| test.c:13:3:13:19 | call to not_yet_declared1 | This call has arguments, but $@ is not declared with any parameters. | test.c:13:3:13:3 | not_yet_declared1 | not_yet_declared1 |
+| test.c:13:3:13:19 | call to not_yet_declared1 | This call has arguments, but $@ is not declared with any parameters. | test.c:17:6:17:22 | not_yet_declared1 | not_yet_declared1 |
--- a/Typos/FutileParams/FutileParams.qlref
+++ b/Typos/FutileParams/FutileParams.qlref
@@ -0,0 +1 @@
+Likely Bugs/Likely Typos/FutileParams.ql
--- a/cpp/ql/test/query-tests/Likely
+++ b/cpp/ql/test/query-tests/Likely
@@ -0,0 +1,18 @@
+void foo();
+void bar(void);
+void baz(int);
+
+void test() {
+  foo(); // GOOD
+  foo(1); // BAD
+  bar(); // GOOD
+  baz(1); // GOOD
+  
+  undeclared(1); // GOOD
+  
+  not_yet_declared1(1); // BAD
+  not_yet_declared2(1); // GOOD
+}
+
+void not_yet_declared1();
+void not_yet_declared2(int);
--- a/cpp/ql/test/query-tests/Likely
+++ b/cpp/ql/test/query-tests/Likely
@@ -0,0 +1,8 @@
+void cpp_varargs(...);
+void bar();
+
+void test() {
+  cpp_varargs(); // GOOD
+  cpp_varargs(1); // GOOD
+  __builtin_constant_p("something"); // GOOD: builtin
+}